CVE-2024-37000
📋 TL;DR
A memory corruption vulnerability in Autodesk's pskernel.DLL allows attackers to execute arbitrary code by tricking users into opening malicious X_B files. This affects users of vulnerable Autodesk applications on Windows systems. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Autodesk AutoCAD
- Autodesk Fusion 360
- Autodesk Inventor
- Other Autodesk applications using pskernel.DLL
📦 What is this software?
Advance Steel by Autodesk
Autocad by Autodesk
Autocad Mep by Autodesk
Civil 3d by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or arbitrary code execution within the context of the Autodesk application, potentially leading to data exfiltration or malware installation.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.
🎯 Exploit Status
Exploitation requires user interaction to open malicious files. No public exploit code available at time of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: April 2024 security updates
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Restart Required: Yes
Instructions:
1. Open the affected Autodesk application.
2. Navigate to Help > Check for Updates.
3. Install all available security updates.
4. Restart the application and system if prompted.
🔧 Temporary Workarounds
Block X_B file extensions
Windows: Prevent opening of X_B files via group policy or application restrictions
Not applicable - configure via Group Policy Editor or application settings
Run with reduced privileges
Windows: Run Autodesk applications with standard user privileges instead of administrator rights
Not applicable - configure via application shortcuts or user account settings
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized code
- Use network segmentation to isolate Autodesk workstations from critical systems
🔍 How to Verify
Check if Vulnerable:
Check Autodesk application version against vendor advisory. Open application and check Help > About for version number.
Check Version:
wmic product where "name like '%Autodesk%'" get name, version
Verify Fix Applied:
Verify application version is updated to April 2024 or later security updates. Check Windows Update history for Autodesk patches.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in pskernel.DLL
- Unexpected process creation from Autodesk applications
- File access to X_B files followed by abnormal behavior
Network Indicators:
- Outbound connections from Autodesk applications to unknown IPs
- DNS queries for suspicious domains following file opens
SIEM Query:
source="windows" AND (process_name="acad.exe" OR process_name="inventor.exe") AND (event_id=1000 OR event_id=1001) AND message="*pskernel*"
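Added example (not part of the original page or of any vendor tooling): a small triage routine that applies the SIEM query's crash condition and raises severity when the same host also shows the "unexpected process creation" indicator near the crash. The record schema, the 5-minute window, the use of event ID 4688 for process creation and the sample records are assumptions made for this example.

```python
# Added example: correlate two of the page's log indicators on constructed data.
# Assumed normalised record fields: host, time, event_id, process_name, message, parent.
from datetime import datetime, timedelta

AUTODESK_PROCS = {"acad.exe", "inventor.exe"}  # process names from the page's SIEM query
CRASH_EVENT_IDS = {1000, 1001}                 # event IDs from the page's SIEM query
PROC_CREATE_ID = 4688                          # Windows Security process creation (assumed collected)
WINDOW = timedelta(minutes=5)                  # assumed correlation window

def is_pskernel_crash(ev):
    """Same condition as the SIEM query: Autodesk process, crash event, pskernel in message."""
    return (ev["event_id"] in CRASH_EVENT_IDS
            and ev["process_name"].lower() in AUTODESK_PROCS
            and "pskernel" in ev.get("message", "").lower())

def is_autodesk_child(ev):
    """Process-creation record whose parent is an Autodesk application."""
    return (ev["event_id"] == PROC_CREATE_ID
            and ev.get("parent", "").lower() in AUTODESK_PROCS)

def triage(events):
    """Return (host, severity, crash_time) for every pskernel crash, oldest first.
    'high' if the host also has an Autodesk-parented process creation within
    WINDOW of the crash (before or after), otherwise 'medium'."""
    events = sorted(events, key=lambda e: e["time"])
    spawns = [e for e in events if is_autodesk_child(e)]
    findings = []
    for crash in filter(is_pskernel_crash, events):
        near = any(s["host"] == crash["host"]
                   and abs(s["time"] - crash["time"]) <= WINDOW for s in spawns)
        findings.append((crash["host"], "high" if near else "medium", crash["time"]))
    return findings

def _t(s):
    return datetime.fromisoformat(s)

SAMPLE = [  # constructed records, not real telemetry
    {"host": "cad-01", "time": _t("2024-06-03T09:14:02"), "event_id": 1000,
     "process_name": "acad.exe", "message": "Faulting module name: pskernel.dll"},
    {"host": "cad-01", "time": _t("2024-06-03T09:13:58"), "event_id": 4688,
     "process_name": "cmd.exe", "parent": "acad.exe"},
    {"host": "cad-02", "time": _t("2024-06-03T10:00:00"), "event_id": 1000,
     "process_name": "Inventor.exe", "message": "Faulting module name: pskernel.dll"},
    {"host": "cad-03", "time": _t("2024-06-03T11:00:00"), "event_id": 1000,
     "process_name": "acad.exe", "message": "Faulting module name: ntdll.dll"},
]

if __name__ == "__main__":
    for host, severity, when in triage(SAMPLE):
        print(host, severity, when.isoformat())
```

A crash alone is rated medium because pskernel faults can also come from benign malformed files; the paired process creation is what separates a crash from likely code execution.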